Monitor security policies with Activity Monitoring and ensure they are being enforced correctly

Before you can run any Activity Monitoring report, you must enable data collection on the virtual machine(s). As a further prerequisite, vShield Endpoint must be installed, or a domain must be registered with NSX Manager. You can enable data collection on a single VM or on multiple VMs, but the process differs between the two. Once that is complete, wait at least 5 minutes before running the report, or there may not be any data.

Step 3. Specify membership criteria. This is where you get to be really creative and specify members by Computer OS Name, Computer Name, VM Name, Security Tag, or Entity. I wanted both of my Web Servers included, so I used VM Name contains “Web”. You can add multiple membership criteria, or just use one.

Step 4. Specify any additional objects to include. Objects can be a wide variety of things, so I won’t specify them all, but they can include Security Tag, Resource Pool, vNIC, Logical Switch, Cluster, or much more. Click Next.

View Activity Monitor Reports

From here there are several different types of Activity Monitoring you can perform:

VM Activity: Traffic to or from specific virtual machines in your environment

Inbound Activity: All inbound traffic to a virtual machine where the source can be a server pool, security group, or even an AD group

Outbound: View what applications are run by a server pool, or security group and what client applications are making these outbound connections. You can also find all groups and users who are accessing a specific application.

Inter Container Interaction: Traffic between two containers you have defined. These containers can include server pools, security groups, or even AD groups.

In my environment I don’t have vShield Endpoint.
So in this case, if I need to use Activity Monitoring, is it sufficient if I can integrate my NSX Manager with my Active Directory?
At present my NSX Manager is not integrated with a domain (Active Directory) and I am not able to enable data collection on any of my VMs.

One more question: can Activity Monitoring be enabled continuously, or can it be enabled only on a need basis?
Is it for continuous monitoring, or can it be used only whenever we require the monitoring data?